From 86871a55f5027456addc8c88b5212ed593d065f7 Mon Sep 17 00:00:00 2001 From: SuZhou-Joe Date: Fri, 27 Oct 2023 17:45:19 +0800 Subject: [PATCH] feat: Only allow workspace CRUD APIs to modify workspace metadata. Signed-off-by: SuZhou-Joe --- src/plugins/workspace/server/saved_objects/workspace.ts | 5 ++++- src/plugins/workspace/server/workspace_client.ts | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/plugins/workspace/server/saved_objects/workspace.ts b/src/plugins/workspace/server/saved_objects/workspace.ts index af90a0faae5c..7ff018a31dd1 100644 --- a/src/plugins/workspace/server/saved_objects/workspace.ts +++ b/src/plugins/workspace/server/saved_objects/workspace.ts @@ -8,7 +8,10 @@ import { SavedObjectsType, WORKSPACE_TYPE } from '../../../../core/server'; export const workspace: SavedObjectsType = { name: WORKSPACE_TYPE, namespaceType: 'agnostic', - hidden: false, + /** + * Disable operation by using saved objects APIs on workspace metadata + */ + hidden: true, /** * workspace won't appear in management page. */ diff --git a/src/plugins/workspace/server/workspace_client.ts b/src/plugins/workspace/server/workspace_client.ts index 295a7f3981f6..890cf9bdd8a0 100644 --- a/src/plugins/workspace/server/workspace_client.ts +++ b/src/plugins/workspace/server/workspace_client.ts @@ -36,13 +36,16 @@ export class WorkspaceClient implements IWorkspaceClientImpl { ): SavedObjectsClientContract | undefined { return this.savedObjects?.getScopedClient(requestDetail.request, { excludedWrappers: [WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID], + includedHiddenTypes: [WORKSPACE_TYPE], }); } private getSavedObjectClientsFromRequestDetail( requestDetail: IRequestDetail ): SavedObjectsClientContract { - return requestDetail.context.core.savedObjects.client; + return this.savedObjects?.getScopedClient(requestDetail.request, { + includedHiddenTypes: [WORKSPACE_TYPE], + }) as SavedObjectsClientContract; } private getFlattenedResultWithSavedObject( savedObject: SavedObject